[tor-dev] Attentive Otter: Analysis of Instantbird/Thunderbird
mikeperry at torproject.org
Mon Oct 7 23:33:50 UTC 2013
This outline was a collaborative effort between me and Sukhbir Singh.
Code and package URLs:
Instantbird Code: http://hg.instantbird.org
Thunderbird Code: https://github.com/mozilla/releases-comm-central
+ Cross-platform (Windows, OS X, Linux).
+ Based on XUL+XPCOM (specifically Thunderbird).
+ Many existing Thunderbird addons should be easy to port.
+ Periodically syncs its codebase with Thunderbird:
+ Thunderbird can be used as combined secure Chat+Email communications
+ One piece of software for all secure communications is a usability win
+ Leveraging the work done on TorBirdy, we can distribute Instantbird
and Tor (and related components) in a single package, or as a combined
+ Use Tor Launcher as the controller (sukhe recently added Thunderbird
+ Will allow seamless zero-configuration Tor usage for normal case,
and will share Tor Browser's future Pluggable Transport support
with no additional effort.
+ See the TorBirdy manual for more information:
+ Good protocol support:
Currently Instantbird supports by default: AIM, Bonjour, Facebook Chat,
Gadu-Gadu, Google Talk, Groupwise, ICQ, IRC, MSN, MySpaceIM, Netsoul,
Odnoklassniki, QQ, Simple, Twitter, VKontakte, XMPP, Yahoo and Yahoo JAPAN.
+ Supports "portable version".
+ InstantBird is available in 14 languages; Thunderbird is available in ~65
+ Clean and easy to use interface.
+ We are amassing a fair amount of in-house expertise with Mozilla/XPCOM,
which we can use for code review, UI design, etc.
+ Can also leverage our existing relationship with Mozilla to share workload
* Currently based on libpurple, but Mozilla is working to replace libpurple
with pure JS implementations (due to both licensing and code
quality/security issues with libpurple). Instantbird nightlies have
this code but it must be enabled via about:config. Seems to work.
- No OTR support yet
+ OTR support tickets:
+ For a stopgap/prototype: We can use the js-ctypes wrapper of libotr
along with the message observer API
+ Example observer API use w/ rot13:
+ JS-Ctypes wrapper for native libotr:
+ The ctypes wrapper can be converted to an XPCOM wrapper later.
+ According to sshagarwal #maildev on irc.mozilla.org, Mozilla is
also working towards implementing all of the primitives needed for OTR (and OTR
itself) in NSS. These are listed in this comment:
+ We could also rely on the ctypes wrapper until native support is
available, and possibly skip an XPCOM libotr wrapper entirely.
+ Solid proxy support. JS XMPP implementation allows you to omit DNS SRV
and since everything goes through nsIChannels, proxy support is easy
to verify and audit.
+ Messaging window is jailed to type=content (unlike cryptocat) and is
additionally XSS filtered immediately prior to display:
Summary of Goals Met:
Release a secure, portable chat program that sends all traffic over Tor:
Can be used with a wide variety of chat networks:
+ Yes, even without libpurple
Uses off-the-record encryption of conversations by default:
- Not yet, but support is coming, and it's not too hard to deploy a stopgap
French, Spanish, and Arabic support:
* Partly yes. Full support for French and Spanish, but Instandbird
has no translations for Farsi or Arabic (however Thunderbird does support
these locales and can also be used as a chat client).
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 801 bytes
Desc: Digital signature
More information about the tor-dev